Motorola unveils hardware-based security for mobile devices

Until recently, most encryption and security applications for secret and classified federal voice and data messages were in the form of fairly bulky hardware modifications to handheld devices. A new system could allow agencies to deploy commercial platforms while providing adequate levels of security.

Motorola’s Assured Mobile Environment uses an encrypted hardware card that can be inserted into most commercial handhelds on Android and Linux platforms. The core of the system builds the security into the hardware, said Gary Schluckbier, director of Motorola’s secure product group. Speaking at the Secure Wireless Conference and Symposium in Washington, D.C., Dec. 8, he said the system consists of a card designed to fit into most commercial wireless devices with a Micro SD slot and a kernel-level driver. The card meets FIPS 140-2 standards and can support Suite B encryption.

Mobile devices differ from traditional information technology systems in many ways, especially when it comes to security, Schluckbier said. By their nature, smart phones are in a hostile environment that literally touches the devices through its antenna, he said.

Mobile devices are also highly integrated at the system level. While this makes for a great user experience, it is a major security issue, Schluckbier said. He cited a recent memo from the Defense Department’s chief information officer stating that industry still has a long way to go before it can make mobile devices suitable for government use. The memo highlighted specific DOD concerns that industry had to address: access control, encryption, key management and authentication, PKI, software authentication and remote wiping.

The system supporting the Assured Mobile cards allows administrators to check device integrity. It also features secure key store and decryption capabilities. A hypervisor is used to separate trusted from untrusted components on the device. The hypervisor is small — 80 kilobytes — which makes it easy to analyze, and it can work on a variety of processors. Because it is small, the hypervisor can move between platforms, making device certification easier, he said.

The Assured Mobile Environment is a single instantiation to either Linux or Android platforms. Because there are many ways to compromise Android devices, the environment separates different drive components, making them more difficult to compromise, Schluckbier said.

Motorola released a voice-only version of the Assured Mobile Environment for the Motorola ES400 Enterprise Digital Assistant in 2011. An Android platform and enterprise tablet version of the system will be released in the second quarter of 2012, Motorola officials said.